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DETAILED ACTION 

1 . This action is in reply to amendment filed 22 February 2007. Claims 
1,3,9,10,1 1,14,19,21 and 22 have been amended. Claims 23-26 have been cancelled 
and claims 32-42 are newly added. Therefore claims 1-22 and 27-42 remain pending. 

2. The Examiner acknowledges and accepts the amendment to claim 3 and 
necessarily withdraws the previous 112 rejection. 

Response to Arguments 

3. Applicant's arguments with respect to claims 1 and 19 have been considered but 
are moot .in view of the new ground(s) of rejection. 

4. Applicant's arguments with respect to claim 27 have been fully considered but 
they are not persuasive. The applicant argues that Radatti does not disclose both 
flagging the network traffic content and sending a copy of the network traffic content to a 
second processor. The Examiner maintains the rejection, noting that the claim 
language reads on flagging all network traffic content, thus the intercept module in 
Radatti effectively flags the traffic content by sending the traffic to the first protocol 
scanner, wherein upon a decision of a desired protocol, the scanner sends a copy of the 
traffic to a second processor (the proscribed code scanner) for determining whether the 
network traffic content contains content desired to be detected. 

Claim Rejections - 35 USC § 103 

5. Claims 1-22, 27-42 are rejected under 35 U.S.C. 103(a) as being anticipated by 
Radatti et al. (US PgPub 2001/0042214) and further in view of Suuronen et al. (US 
PgPub 20030145228). 
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6. As per claim 1, Radatti discloses a device for managing network traffic flow, the 
device comprising: a processor, the processor configured to 
receive network traffic content, 

determine whether a protocol of the network traffic content matches a prescribed 
protocol of network traffic content that could contain content desired to be detected 
(paragraph [0016] and [0035]), and 

store the network traffic content in a stack when the protocol of the network traffic 
content matches the prescribed protocol (paragraph [0037] wherein it is necessary for 
the protocol scanner to store the traffic content in a stack while it is being 
processed/analyzed), wherein the stack is associated with a module configured to 
determine whether the network traffic content contains content desired to be detected 
([0035] wherein the module is the proscribed code scanner), and 

send at least a portion of the network traffic content to a memory when the 
protocol of the network traffic content matches the prescribed protocol (see [0037] 
wherein it may be argued that the memory is inherently included in the proscribed code 
scanner such as a buffer, enabling it to scan the code segments and calculate hashes 
of the code, as should be evident to one of ordinary skill in the art.) 

The Examiner further includes Suuronen to demonstrate the necessary memory 
for storing at least a portion of the network traffic content at the code scanner for 
enabling the scanning of the traffic (see [0022]). In view of Suuronen the Examiner 
argues that it is necessary and obvious for one to include such a temporary storage in 
Radatti for storing the data stream to be scanned. 
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7. As per claim 2, Radatti discloses the device of claim 1 , wherein the processor 
comprises a general purpose processor (see paragraph [0024]). 

8. As per claim 3, Radatti discloses the device of claim 1 , but does not disclose 
wherein the special purpose processor comprises an ASIC processor. 

The Examiner notes that is common and well known in the art to use ASIC 
processors for performing a specific function. 

It would have been obvious to one of ordinary skill in the art to perform the 
function of Radatti using an ASIC processor since they are well known and very 
commonly used. Motivation for one of ordinary skill in the art to use an ASIC processor 
would be to implement a processor that performs a specific function such as is desired 
in Radatti as would be well known to one of ordinary skill in the art. 

9. As per claim 4, Radatti discloses the device of claim 3, wherein the ASIC 
processor is a semi-custom ASIC processor. 

The Examiner notes that it is obvious in view of the above rejection to implement 
the processor wherein it is a semi-custom processor. 

10. As per claim 5, Radatti discloses the device of claim 3, wherein the ASIC 
processor is a programmable ASIC processor (see rejection above). 

11. As per claim 6, Radatti discloses the device of claim 1 , wherein the processor is 
further configured to send the network traffic content to a user when the protocol of the 
network traffic content does not match the prescribed protocol (paragraph [0017[). 

12. As per claim 7, Radatti discloses the device of claim 1 , further comprising the 
stack ([paragraph [0035] wherein it is necessary that the processor comprise the stack 
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for storing the code while it is being processed; see also Suuronen as discussed in the 
rejection to claim 1). 

1 3. As per claim 8, Radatti discloses the device of claim 7, wherein the stack is 
implemented in the processor or in another processor (paragraph [0035] see rejection 
above). 

14. As per claim 9, Radatti discloses the device of claim 8, wherein the stack is 
configured to store network traffic content in accordance with the protocol of the network 
traffic content (paragraph [0035] wherein the network traffic is stored and processed as 
it is received from the communications stream and then returned to the original stream 
in accordance with the proscribed protocol thus necessitating that it is stored in 
accordance with the protocol). 

15. As per claim 10, Radatti discloses the device of claim 1 , wherein the processor is 
further configured to assemble the at least a portion of the network traffic content with 
the rest of the network traffic content, and transmit the network traffic content to a user 
when it is determined that the network traffic content does not contain the content 
desired to be detected (paragraph [0037]). 

16. As per claim 1 1 , Radatti discloses the device of claim 1 , further comprising the 
module (paragraph [0037]). 

17. As per claim 12, Radatti discloses the device of claim 11, wherein the module is 
implemented in the processor (paragraph [0037]). 

18. As per claim 13, Radatti discloses the device of claim 1 1, wherein the module is 
implemented in an ASIC processor (see the rejection to claim 3). 
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19. As per claim 14, Radatti discloses the device of claim 1 , wherein the processor is 
further configured to 

flag the network traffic content when the protocol of the network traffic content 
matches the prescribed protocol, and 

send the flagged network traffic content to the memory (paragraph [0037] see 
also the rejection to claim 10, wherein the determination of protocol scanner to transmit 
the code to the proscribed code scanner is effectively flagging the data). 

20. . As per claim 15, Radatti discloses the device of claim 14, further comprising the 
module (see claim 11). 

21 . As per claim 16, Radatti discloses the device of claim 15, wherein the module is 
implemented in the processor (see claim 12). 

22. As per claim 17, Radatti discloses the device of claim 15, wherein the module is 
implemented in an ASIC processor (see claim 13). 

23. As per claim 18, Radatti discloses the device of claim 1 , wherein the content 
desired to be detected is selected from the group consisting of a virus, a worm, a web 
content, a Trojan agent, an email spam, and a packet transmitted by a hacker 
(paragraph [0004]). 

24. Claim 19 is rejected because it discloses similar subject matter as claim 1. 

25. Claim 20 is rejected because it discloses similar subject matter as claim 9. 

26. Claim 21 is rejected because it discloses similar subject matter to claim 10. 

27. Claim 22 is rejected because it discloses similar subject matter to claim 14. 
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28. As per claim 27, Radatti discloses a device for managing network traffic flow, the 
device comprising: a first processor, the first processor configured to 

receive network traffic content, 
flag the network traffic content, 

send the flagged network traffic content to a module, the module configured to 
pass unflagged data to a user and prevent flagged data from being sent to the user, and 
send a copy of the network traffic content to a second processor, the second processor 
configured to determine whether the network traffic content contains content desired to 
be detected (see rejection to claim 14 and 23 wherein the data is effectively flagged as 
it is transmitted to the proscribed code scanner and the unflagged data is passed back 
to the communications stream, see also arguments above). The Examiner further 
discusses Suuronen to demonstrate the lack of novelty of the Applicants invention. 
Suuronen discusses a firewall containing a processor for "flagging" data, and then 
further passing the flagged data to a second processor for determining whether the 
flagged data contains a virus (see [0020]-[0022]). Suuronen is not used to correct any 
deficiencies in Radatti, but to further demonstrate the commonality of the Applicant's 
invention as found in the art. 

29. As per claim 28, Radatti discloses the device of claim 27, wherein the first 
processor is further configured to transmit the network traffic content to a user when it is 
determined that the network traffic content does not contain the content desired to be 
detected (paragraph [0033]). 
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30. As per claim 29, Radatti discloses the device of claim 27, wherein the module 
comprises a memory, a buffer, or at least a portion of a processor (paragraph [0033]). 

31 . Claim 30 is rejected because it discloses similar subject matter to claim 27. 

32. Claim 31 is rejected because it discloses similar subject matter to claim 28. 

33. As per claim 32, Radatti discloses the device of claim 1 , further comprising the 
memory (see [0037] and further [0022] of Suuronen). 

34. As per claim 33, Radatti discloses the device of claim 27, wherein the first 
processor is configured to pass a portion of the network content downstream before the 
second processor finishes processing the network traffic content (see [0036] wherein 
the code that is not scanned is sent downstream). 

35. As per claim 34, Radatti discloses the device of claim 27, wherein the first 
processor and the second processor are parts of a processor (see [0045] wherein it is 
discussed that the modules may be on the same machine, as thus may necessarily be 
parts of a processor). 

36. As per claim 35, Radatti discloses the device of claim 34, wherein the processor 
comprises an ASIC processor (see rejection to claim 3). 

37. As per claim 36, Radatti discloses the device of claim 27, wherein the first 
processor is configured to flag the network traffic content by modifying data associated 
with the network traffic content or by inserting data to the network traffic content. The 
Examiner takes official notice that it is well known in the art that flagging data may 
consist of inserting or modifying data to be flagged. While Radatti doesn't specifically 
discuss flagging the data, Radatti does differentiate desired data to be scanned from 
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data that may not contain a virus, and thus it would have been obvious for one of 
ordinary skill in the art to modify Radatti to include in the differentiation step, a step of 
flagging the data to be scanned. This technique is well known in the art and would have 
been an obvious modification in view of the functionality of Radatti. 

38. As per claim 37, Radatti discloses the method of claim 30, wherein a portion of 
the network traffic content is passed downstream before the processor finishes 
processing the network traffic content (see rejection to claim 33). 

39. As per claim 38, Radatti discloses the method of claim 30, wherein the processor 
comprises an ASIC processor (see rejection to claim 3). 

40. As per claim 39, Radatti discloses the method of claim 30, wherein the network 
traffic content is flagged by modifying data associated with the network traffic content or 
by inserting data to the network traffic content, (see rejection to claim 36). 

41 . As per claim 40, Radatti discloses a device for managing network traffic flow, the 
device comprising: a processor, the processor configured to receive network traffic 
content, pass a first portion of the network traffic content downstream, and pass a 
second portion of the network traffic content to a stack for allowing the second portion to 
be scanned for content that is desired to be detected ([0037]). 

42. As per claim 41 , Radatti discloses the device of claim 40, wherein the processor 
is further configured to pass the second portion downstream after the second portion is 
scanned ([0037] wherein if it is determined that the second portion doesn't contain 
malicious content, then it is passed downstream). 
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43. As per claim 42, Radatti discloses the device of claim 40, wherein the first portion 
of the network traffic content is not scanned for the content that is desired to be 
detected (see [0037] wherein the data not meeting a specified protocol is not scanned 
and is passed to the user). 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. Joyce (US Patent 6519703) and Patel (US Patent 7181765). 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon S. Bludau whose telephone number is 571- 
272-3722. The examiner can normally be reached on Monday -Friday 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




Brandon S Bludau 

Examiner 
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